diff options
| author | Chris Koch <chrisko@google.com> | 2020-07-09 18:47:06 -0700 |
|---|---|---|
| committer | insomniac <insomniacslk@users.noreply.github.com> | 2020-07-10 16:49:07 +0100 |
| commit | f80356b40e79a2c07bf20ebbb328e3c9df14d0bf (patch) | |
| tree | 797b378271018e9863a117a74bd011ee39f20bbb /netboot/netconf.go | |
| parent | d74cd86ad5b8d0fbef8217631f7968bd7bab0d72 (diff) | |
netconf: apply v6 addresses as /128
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684009
"Note that the dhcpv6 protocol doesn't have an option for a netmask. So
it is always /128 and routing is left to icmpv6 router advertisements."
RFC 5942 is a good read here as well:
An address could be acquired through the DHCPv6 identity association
for non- temporary addresses (IA_NA) option from [RFC3315] (which
does not include a prefix length), or through manual configuration
(if no prefix length is specified). The host incorrectly assumes an
invented prefix is on-link. This invented prefix typically is a /64
that was written by the developer of the operating system network
module API to any IPv6 application as a "default" prefix length when
a length isn't specified.
As DHCP developers, we *HAVE* to assume that no prefix is on-link. The
correct way to do that is to specify the netmask as /128.
The kernel will RA/RS their way around to figure out what prefixes are
indeed on-link.
Signed-off-by: Chris Koch <chrisko@google.com>
Diffstat (limited to 'netboot/netconf.go')
| -rw-r--r-- | netboot/netconf.go | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/netboot/netconf.go b/netboot/netconf.go index 60468a7..2ecf472 100644 --- a/netboot/netconf.go +++ b/netboot/netconf.go @@ -44,8 +44,17 @@ func GetNetConfFromPacketv6(d *dhcpv6.Message) (*NetConf, error) { for _, iaaddr := range iana.Options.Addresses() { netconf.Addresses = append(netconf.Addresses, AddrConf{ IPNet: net.IPNet{ - IP: iaaddr.IPv6Addr, - Mask: net.CIDRMask(64, 128), + IP: iaaddr.IPv6Addr, + + // This mask tells Linux which addresses we know to be + // "on-link" (i.e., reachable on this interface without + // having to talk to a router). + // + // Since DHCPv6 does not give us that information, we + // have to assume that no addresses are on-link. To do + // that, we use /128. (See also RFC 5942 Section 5, + // "Observed Incorrect Implementation Behavior".) + Mask: net.CIDRMask(128, 128), }, PreferredLifetime: iaaddr.PreferredLifetime, ValidLifetime: iaaddr.ValidLifetime, |